[iwar] news
From: Fred Cohen
To: Information Warfare Mailing List
From: fc@all.net
To: iwar@onelist.com
Wed, 10 Jan 2001 07:55:09 -0800 (PST)
fc Wed Jan 10 08:02:08 2001
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Wed, 10 Jan 2001 08:02:08 -0800 (PST)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Jan 10 15:58:03 2001)
X-From_: fc@all.net Wed Jan 10 09:57:56 2001
Received: from cj.egroups.com (cj.egroups.com [208.50.144.68]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id JAA29880 for ; Wed, 10 Jan 2001 09:57:53 -0600
X-eGroups-Return: sentto-279987-888-979142508-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by cj.egroups.com with NNFMP; 10 Jan 2001 16:01:57 -0000
X-Sender: fc@all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-6_3_1_3); 10 Jan 2001 16:01:47 -0000
Received: (qmail 70542 invoked from network); 10 Jan 2001 15:55:10 -0000
Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 10 Jan 2001 15:55:10 -0000
Received: from unknown (HELO all.net) (65.0.156.78) by mta1 with SMTP; 10 Jan 2001 15:55:10 -0000
Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id HAA09611 for iwar@onelist.com; Wed, 10 Jan 2001 07:55:09 -0800
Message-Id: <200101101555.HAA09611@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Wed, 10 Jan 2001 07:55:09 -0800 (PST)
Reply-To: iwar@egroups.com
Subject: [iwar] news
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Hack attacks hit home;
U.S. turns its tech efforts to prevention;
U.S. takes steps on cyber terrorism
By TOM KIRCHOFER
Copyright 2001 Boston Herald Inc. The Boston Herald January 8, 2001
The term "national security" used to conjure images of warplanes in the=
sky, fleets of ships on the high seas and legions of troops marching=
across a global chess board.
But the term is evolving, and armies of techies sitting at computer=
terminals could someday be just as destructive as soldiers in the field -=
without firing any weapons.
Researchers studying the field of "cyber warfare" say that, along with guns=
and bombs, computer hacking has the potential to become a tool of=
terrorists or foreign governments bent on wreaking havoc in the United=
States.
"We know there are vulnerabilities. Luckily, what we haven't seen at this=
point is a barrage," said Frank Cilluffo, the director of the information=
warfare task force at the Center for Strategic and International Studies,=
a Washington think tank.
In a recent study about new national security threats, CSIS warned that it=
is growing increasingly difficult to distinguish between threats from=
foreign militaries or spies, terrorists, or run-of-the mill hackers. Plus,=
the interconnectedness of America's many computer networks creates tasty=
new targets; for example, taking down a large bank's computer system could=
do more damage than attacking a bank building.
The study also noted that 95 percent of U.S. military traffic moves over=
civilian telecommunications and computer networks.
"And the threat has grown because we're more dependent on electronic=
networks, so any attacks on them have a great impact on our well-being,"=
said Lee McKnight, a professor of international communications at the=
Fletcher School of Law and Diplomacy at Tufts University.
So far, he notes, the biggest computer threats seem to come from "pimply=
faced 16-year-old boys." But what might happen if more sophisticated=
computer experts start mucking about with the nation's - and the world's -=
information networks?
Perhaps the best known cyber attack so far was last year's "Love Bug"=
virus, in which a student in the Phillipines unleashed a killer e-mail=
that, by some estimates, may have cost billions of dollars.
But a terrorist group might attempt a coordinated attack, by bombing a=
building while simultaneously using some sort of cyber attack to impede=
the communications of police and fire departments, said Chris Hellman, a=
senior analyst with the Center for Defense Information.
"And then there's another broad category, causing civil upheaval," he said.=
"Being able to claim that we can turn off all the lights in a city at=
once, that's an effective weapon."
It's easy to spin nightmare scenarios, but a former defense official, who=
spoke on the condition that his name not be used, pointed out that it=
would take a great deal of sophistication to pull off such a pinpoint=
attack.
"You should be comfortable that we have perceived this as a threat, and=
just like everything else, we have weapons that people know about to deal=
with this, and weapons that people don't know about," he said.
Still, it can be tough to fight fire with fire. As one of the world's most=
wired nations, the United States would have a lot to lose if it tried to=
unleash some sort of a cyber attack of its own, because many of its own=
systems could inadvertantly be damaged. Meanwhile, a terrorist=
organization in a Third World country would probably have little to lose=
if their country doesn't have widespread information networks.
"If you're a Third World country, you suddenly have this weapon that does=
not harm you. That's sort of a unique situation," the former defense=
official said.
Last year, President Clinton announced the creation of a national strategy=
for the protection of information systems, calling on federal agencies to=
beef up their information security systems. A critical element of the plan=
called for increased cooperation with the private sector, which controls=
most of the United States' computer networks, but CSIS' Cilluffo thought=
more needed to be done.
He thought businesses needed to have a way to discreetly and anonymously=
share information about potentially serious cyber threats with each other=
and the government.
"There are a number of reasons why a company wouldn't report security=
information," he said. "It undermines shareholder and consumer confidence,=
and other companies can use the negative press to their advantage."
Cyber skills are likely to change the way conventional wars are fought as=
well, said Mike Gradey, the chief technical director of Logicon Inc., a=
subsidiary of the defense contractor Northrop Grumman Corp.
"Instead of going out and bombing an air base, all you would have to do is=
get into their computer system and, say, make it look like they have a=
fuel shortage," he said. "That could be every bit as effective as if you'd=
shot the plane out of the sky."
Ultimately, the experts say that whether a threat comes from a foreign=
government, a terrorist group or a teenage hacker, cyber warfare has=
fundamentally changed the way in which national security must be=
approached, because a potential attack is no longer limited by geography -=
it can come from anywhere.
"The thing to keep in mind is that the nature of information warfare is=
that it's global," Gradey said. "You can have anyone sitting anywhere in=
the world with a laptop computer on their dining room table, and that=
individual can impact computers and decision-making anywhere else in the=
world," Gradey said.
--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
Fred Cohen - Practitioner in Residence - The University of New Haven
This communication is confidential to the parties it is intended to serve.
PGP keys: https://all.net/pgpkeys.html - Have a great day!!!
------------------
http://all.net/